Дополнительная информация

Как мы защищаем ваши данные

Какие принимаются процедуры против взлома данных

От каких третьих сторон мы получаем данные

Требования к раскрытию отраслевых нормативных требований

PUSSY-CAT TM GROUP Limited Privacy and Data PolicyIntroduction1This Policy governs our processing of your personal information and the way in which we deal with other data that is not personal information. “Personal information” is the Czech Republic & RUSSIA term for “personal data” as defined in the European Union’s General Data Protection Regulation EU2016/679 (“GDPR”). The term “processing” is used as defined in the GDPR. It includes collection, storage, and all of the ways we use, and allow you to use, personal information, when we provide our services. You are the data controller under the GDPR of the personal information you provide to us as part of your Account Data (see below). PUSSY-CAT TM GROUP Limited (Czech Republic & RUSSIA company number 4136598) (“we”, “us” or “our”) of Level 21, Huawei Centre, 120 Albert Street, Auckland, New Zealand is the data controller under the GDPR of all other personal information.2This Policy is divided into five sections to make it easier for you to see which provisions apply to different types of data. Words and phrases which are defined in our Terms of Service (“ToS”) have the same meanings when they are used in this Policy.3The sections of this Policy are:3.1This Introduction section.3.2The “Your Files” section. This covers the actual encrypted files that you upload, access and share using our services.3.3The “Your Chats” section. This covers the encrypted text, voice and video chats you engage in using our services.3.4The “Account Data” section. This covers the metadata that is collected and generated by our systems when you use our services, and the information that you provide to us when you register and communicate with us.3.5The “Website Usage Data” section. This covers the data that is collected and generated by our systems when anyone browses our website.3.6The “General Terms” section, which applies to all our services and all types of data.4The GDPR provides rights to European users, but, as a leading privacy company, we make the GDPR protections and rights available to all our users globally in respect of their personal data (or “personal information” as we refer to it in New Zealand), wherever you may live.Your Files5This is the section of this Policy that covers the actual encrypted files that you upload, access and share using our services (“Your Files”). The following specific terms apply:5.1When you upload a file, it is already encrypted at your device, so we do not know whether it is personal to you or someone else, relates to a business or some other organisation, or what it contains. We also generate and store encrypted previews of images, videos and certain other types of file. We gather a small amount of metadata about the type of file, but that does not disclose the content or information that the file contains. In relation to metadata, see the section of this Policy specifically covering Account Data.5.2All Your Files remain encrypted at all times while they are on our system. They are never received, stored or otherwise dealt with by us in unencrypted form because any decryption takes place only on your device or that of another user to whom you have provided the file/folder links and keys that are created when you give them access. Your Files are therefore not personal data under the GDPR (or “personal information” as we refer to it under the New Zealand Privacy Act 1993) since they are never held by Mega in a form that is information about an identified or identifiable natural person.5.3We collect Your Files because that is necessary for us to provide our end-to-end encrypted cloud storage and collaboration services that you contract for when you agree to our ToS.5.4Although Your Files are not personal information within our system because you have encrypted them, you should know that we store Your Files and make them available from servers that are owned and controlled by us, in secure facilities in Europe or in countries (such as New Zealand) that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR, depending where you are based. None of Your Files are stored in, or made available from, the United States of America.5.5We keep Your Files while you are subscribed to our services but subject to our suspension and termination rights set out in our ToS. You must maintain copies of Your Files. We do not make any guarantees that there will be no loss of data or the services will be bug free. You should download Your Files prior to termination of services including where the administrator of a business account, within which you have used the services, terminates that business account (see clause 12 below). If you forget your password you will lose access to all Your Files unless you have exported a Recovery Key.5.6When you delete one of Your Files it will be made inaccessible, marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS. After account termination, all Your Files will be marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS.5.7The deletion process specified in 5.6 will not apply to a deduplicated file that is associated with another user (see our ToS).5.8We may, but shall not be obliged to, keep Your Files after your account has been suspended or terminated. In particular, we may, but shall not be obliged to, keep Your Files where we consider it necessary for evidential purposes relating to a breach of our ToS or with respect to current or anticipated action by any competent enforcement authority or other third party. With respect to release of Your Files to competent enforcement authorities and third parties, see our Takedown Guidance Policy.5.9See also the General Terms section of this Policy which applies to all types of data, including Your Files.Your Chats6This is the section of this Policy that covers the content of your text, voice and video chats (“Your Chats”). The following specific terms apply:6.1For private chats only the people using the accounts that you’re engaging with in the chat can read, see or hear the chat content posted while they were a member of that chat group. Public chats can be read by anyone who has the link to that chat. Every text message you send is stored as an encrypted binary large object (“blob”). The times and participants of your successful and unsuccessful chats are stored in unencrypted form. The content of voice and video chats is not retained. If you have enabled rich URL previews, a plain text preview is generated in our system but is stored separately. When you review the text or voice chat history and contents, or reinitiate that chat with the same participant(s), the blobs are decrypted in your browser or mobile app.6.2All Your Chats remain encrypted at all times while they are on our system. They are never stored or otherwise dealt with by us in unencrypted form because encryption and any decryption of the blob takes place only on your device. Your Chats are therefore not personal data under the GDPR (or “personal information” as we refer to it under the New Zealand Privacy Act 1993) since they are never held by Mega in a form that is information about an identified or identifiable natural person.6.3We retain and store Your Chats because that is necessary for us to provide our end-to-end encrypted chat service that you contract for when you agree to our ToS.6.4Although Your Chats are not personal information within our system because you have encrypted them, you should know that we store Your Chats and make them available in encrypted form from servers that are owned and controlled by us, in secure facilities in Europe or in countries (such as New Zealand) that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR, depending where you are based. None of Your Chats are stored in, or made available from, the United States of America.6.5We keep Your Chats while you are subscribed to our services but subject to our suspension and termination rights set out in our ToS. We do not make any guarantees that there will be no loss of data or the services will be bug free.6.6Chats may be deleted by the moderator of the chat, which may be you or another Mega user (depending on who has initiated the chat and been granted moderator rights). When the moderator deletes the chat history it will be removed from his or her chat and will no longer be accessible to any participant in that chat.6.7See also the General Terms section of this Policy which applies to all types of data, including Your Chats.Account Data7This is the section of this Policy that covers account information you give us, and metadata that we generate in relation to Your Files, Your Chats and your account. The following specific terms apply:7.1When you sign up for particular services on our website you may need to give us the details required in our registration form and will need to keep that information up to date, including any payment account details (e.g. online payment provider account information).7.2You do not need to give us any information other than an email address to use a free Mega account, but the volume of Your Files that you can store and some other functionality is limited with such accounts. Where you wish to access greater storage and other functionality under a paid plan, you will need to give us (including our related or affiliated entities, payment processors and resellers) the information (such as tax identification and payment information) that is required under the particular plan and our ToS in relation to those services. For paid plans Mega Limited, and its related or affiliated entities, payment processors and resellers that you use to make payments, retain account and payment information including a record of all transactions on your account.7.3When you use our services, our systems retain the following metadata in unencrypted form:browser type and operating system of the devices from which you have logged in to Mega;IP address and port information for logins, API usage, file uploads, folder creations and link exports;The country that we expect you are accessing our services from (inferred by matching your IP address to a public IP address database);File sizes, versioning order, timestamps and parent-child file relationships;Deletion timestamps;The email address of anyone you have specifically made a contact using Mega’s systems. Note that Your Files and folders can be shared privately by invitation to specified email addresses or shared more generally by creating a file or folder link and decryption key;Contact email addresses of chat participants, chat commencement time and chat duration, and moderation activity;Takedowns and account suspensions;Our communications with you;Your personal account settings, including any avatar picture.7.4From time to time we may need to communicate with each other directly. We will use Mega’s chat facility, internal messaging system or the email address you have included in the settings information in your account. Any communication to you will be deemed to be received by you in accordance with the electronic communication provisions of the New Zealand Contract and Commercial Law Act 2017, no matter whether you are actively monitoring the account or its email address or not. You can communicate with us using the appropriate address on our contacts page and your email will be deemed to be received by us in accordance with the electronic communication provisions of the New Zealand Contract and Commercial Law Act 2017. Examples of direct communications include copyright or other enforcement emails, notifications under our Takedown Guidance Policy, system update information, data breach notifications, notification of major changes to our ToS or this Policy and billing information.7.5Access to your account is by way of nominated email address and password. It is your responsibility to keep these safe and secure as Mega stores the email address but does not store the password. If you forget your password you will lose access to all your data unless you have exported a Recovery Key.7.6We will collect, store, use and otherwise process Account Data so that we can provide the services you have contracted to obtain from us under our ToS. We also have a legitimate interest in processing Account Data so that we can maintain and improve our systems and services and communicate with you as referenced in this Policy.7.7We retain Account Data as long as your account is active. After account suspension or termination including where the administrator of a business account, within which you have used the services, terminates that business account (see clause 12 below), we may, but shall not be obliged to, retain all Account Data if enforcement action is likely or commenced under our ToS or Takedown Guidance Policy or for 12 months, whichever is longer. Users sometimes request that an account be re-activated so we keep Account Data for 12 months for that purpose. Where there is no enforcement action likely or commenced and the 12 month period has expired, Account Data that identifies you will be anonymised, but where you are a contact of, have had a folder shared with you by, or have chatted with, another Mega user, those details will continue to be retained to allow services to continue for those other users. See also the General Terms of this Policy with regard to retention.7.8You can download your Account Data at https://mega.nz/fm/account/security while you are logged into your account. This will provide your Account Data but not Your Files. You can request correction of Account Data if it is considered incorrect, in accordance with the New Zealand Privacy Act 1993 and the GDPR. Any requests for access to, or correction of, Account Data that is not available to you when you are logged into your account, or if you cannot log in to your account, should be made to privacy@mega.nz specifying the information in question. The information will be provided promptly, and at least within one month, without charge unless the request is manifestly unfounded or excessive. Corrections will be promptly considered and actioned if appropriate.7.9If Mega has disclosed the Account Data to any third party (such as a compliance authority), it will inform them of any correction where possible and will also inform the individuals about the third parties to whom the data has been disclosed where lawful and appropriate.7.10See also the General Terms section of this Policy which applies to all types of data, including Account Data.Website Usage Data8This is the section of this Policy that covers activity on our website (“Website Usage Data”). The following specific terms apply:8.1We may collect data about visits to our website to measure the number of visitors to different parts of the website, to assess user access patterns, to make the website load faster and otherwise to operate the website. We may use cookies or other similar technology for these purposes. It is necessary for us to do this so that we can accelerate login and loading of the encryption functionality of our website that you contract for when you agree to our ToS, so that we can improve the functionality of our website and to provide offers of additional services. By using our website, apps or our services, you specifically consent to our use of cookies and such other technology to collect data.8.2Where the website has stored your login session, you can delete or disable that information from browser localStorage, but this will result in longer load times and/or the need to re-enter your account credentials every time you open the website.8.3We may:8.3.1join Website Usage Data with other users’ data and give it to advertisers in a way which doesn’t personally identify any particular user;8.3.2analyse and use Website Usage Data for marketing or statistical purposes as well as to improve the way we do business with our users;8.3.3serve advertisements or use third-party advertising companies to serve advertisements on the website and on third party sites, as well as to assist us in analysing our marketing and other business efforts. We and these advertisers may use cookies or other similar technology to collect information about your visits to the website and other sites in order to provide targeted advertisements to you.8.4We collect and keep Website Usage Data with your consent to provide services and support related to the website and our services, for market and product research and to be able to give users promotional material and special offers on our services. If you withdraw consent to our processing of Website Usage Data you will have to close your account.8.5See also the General Terms section of this Policy which applies to all types of data, including Website Usage Data.General Terms9This is the section of this Policy that covers all types of data.Basis of processing and dealing with data10As noted above, we process your personal information because we have contracted with you to do so under our ToS, this Policy, and our Takedown Guidance Policy. We cannot provide our services without that data. Other data that is not personal information is also dealt with by us in accordance with our ToS, this Policy, and our Takedown Guidance Policy.Giving access to other users11You must ensure that anyone to whom you give access to any of Your Files, Your Chats or your Account Data complies with our ToS, our Takedown Guidance Policy and this Policy. You are responsible for their compliance. This applies particularly where you are the administrator of a business account.12For business accounts, to the administrator of that account can see and deal with the files and data associated with all users within that account (including any data and any personal information). In addition:12.1if the business account is suspended or terminated, the action will affect the data and personal information of every user within that account;12.2the administrator of the business account will be able to see and deal with, change or delete the files and data associated with every user within that account (including any of Your Data, Your Chats, Account Data and any of your personal information);12.3the administrator of the business account will be able to terminate any user’s account within the business account, restrict or disable usage of the account, change any user’s password and otherwise deny access to the account and you will then lose access to all Your Data, Your Chats, Account Data and all personal information associated with your usage of the business account.Your own security practices are critical13We strongly urge you to use best practices for ensuring the safety of your systems and devices (e.g. via unique passwords, security upgrades, firewall protection, anti-virus software, securing devices). Mega will never send an email asking for your password or suggesting that you click a link to login to your account, so do not be fooled by any such email since it will not be from us. We cannot guarantee the security of computers or devices nor of transmission from and to your device over the Internet and thus cannot guarantee there will be no unauthorised access. Also, if you lose or otherwise allow access to your password or encryption keys, you will lose the security of all your data. If you forget your password you will lose access to all your data unless you have exported a Recovery Key. Using the same password for Mega as you have used at other sites can lead to others accessing and taking control of your Mega account if one of those other sites is breached or hacked.Disclosure for civil or criminal enforcement14If we think it is necessary or we have to by law in any jurisdiction, then we are entitled to give Your Files, Your Chats, any Account Data and any Website Usage Data to competent authorities. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders initiated by enforcement authorities or other third parties. We may disclose Your Files, Your Chats, any Account Data and any Website Usage Data to enforce or apply our ToS or any other agreement we have with you, or to protect the rights, property, or safety of us or our other users, third parties or the operation of our services. For more detail on disclosure to competent enforcement authorities and other third parties, see our Takedown Guidance Policy.Mega Limited and its related or affiliated entities, payment processors and resellers15You have a contract with Mega Limited (New Zealand company number 4136598) but our services (including payment and personal information processing) may be provided by Mega Limited’s related or affiliated entities, payment processors and resellers, in other jurisdictions, subject to applicable laws. You authorise Mega Limited and each of those related or affiliated entities to collect, store, share and otherwise process Your Files, Your Chats, any Account Data and any Website Usage Data among themselves, as necessary to provide the services, subject to applicable laws. All such entities are located in Europe or in countries (such as New Zealand) that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR.You authorise Mega Limited and each of those related or affiliated entities, payment processors and resellers to collect, store, share and otherwise process among themselves such Account Data as is necessary to provide payment processing, subject to applicable laws.No commercial sale of data16We will never sell Your Files, Your Chats, any Account Data or any Website Usage Data. We will not disclose or otherwise provide Your Files, Your Chats, any Account Data or any Website Usage Data to a third party, or make any other use of Your Files, Your Chats, any Account Data or any Website Usage Data, for any purpose which is not specifically allowed under this Policy, our ToS or our Takedown Guidance Policy or is not incidental to the normal use of our services.Mega’s data security17Data security is very important to Mega, whether that is your personal information or any other data. That is why we publish our client-side browser and mobile app software, provide a bug bounty to encourage reporting on any issues, and why we have provided information in this Policy on collection and storage of all data whether or not it is personal information. For more information on our security practices, see our blog.Communications18We may send invoices, security or service updates and various other notices by email to the email address listed in your account or using any of our chat or messaging systems. They will be deemed to be received in accordance with our ToS .19If appropriate, some of those notices will contain unsubscribe information so you can opt out of further receipt. We will abide by any email unsubscription request (other than those we need to send for invoicing, security or service updates and other service provider purposes).20In some cases a person may receive an email from us asking the person to confirm their new Mega account email address, but in fact they haven’t tried to open an account — someone else has started the process and used their email address either maliciously or by mistake. In these cases, Mega has an ephemeral/incomplete account that might be used to upload files. On request, and after proving ownership of the email address, we will arrange for the account to be deleted.Law21Subject to the rights that those in the European Union have under the GDPR, this Policy and its interpretation and operation are governed solely by New Zealand law. Subject to the rights that those in the European Union have under the GDPR, you, Mega and all users, submit to the exclusive jurisdiction of the New Zealand arbitral tribunals and courts as further described in our ToS and you agree not to raise any jurisdictional issue if we need to enforce an arbitral award or judgment in New Zealand or another country.Contact and complaints22Questions and comments regarding this Policy are welcomed and should be addressed to the Privacy Officer at privacy@mega.nz. For a comprehensive list of contact details for Mega Limited, and each of our related or affiliated entities, payment processors and resellers, together with details of how to contact our privacy officer and data protection officer, see our contacts page.23If you are in Europe or otherwise have the right to lodge a complaint with a supervisory authority, you can find contact details for Mega’s European Representative and European supervisory authority on our contacts page.Changes to our Policy24We may make changes to this Policy in the future. Any changes will be notified to all users.Last updated 15 November 2019, effective 20 December 2019.